Facebook alliance with Websense not enough, experts say
Facebook has taken a step in the right direction, but it still has work to do in cleaning its house, according to two industry experts.
October 06, 2011 — CSO —
Facebook just got safer, according to a press release last week from the social networking giant and the Internet security firm Websense.
But safer does not mean safe, according to other web security experts, who say that while Websense technology will bring a measure of security to the site's 700 million members against the dangers that lurk outside Facebook, the company still has a lot to do to clean its own house.
[More details on malicious links in 5 Facebook, Twitter scams to avoid]
The Websense technology is aimed at malicious links -- helping Facebook users avoid falling for common scams that seek to trick them into clicking through to sites where their information could be stolen or their device infected.
If users click on a suspicious link, they will be warned on a page that will let them continue at their own risk, return to the previous screen or get more information on why the site was flagged.
But it does not address malicious applications found on the site itself, which could lead to malware being downloaded to their computers.
"Oddly, they seem to be looking outward, as if everything is lily white on the inside," says Toronto-based independent security consultant James Arlen. "To be blunt, until you've cleaned up your own house, you should shut up (about security)."
[ Read our guide to social media risks]
And Arlen says Facebook has a lot of cleaning up to do.
"When you say the outside is bad, you're saying the inside is good, which is ('1984') Ministry of Information stuff," he says, adding that he doesn't think the risks have changed for the average user.
"They've made it easier for people to find you, which means it is easier for people to stalk you. They don't provide parental controls. They're not dealing with the fact that if you want to see a 16-year-old with her top off, go to Facebook. And the ease with which common accounts are violated is kind of shocking."
Rafal Los, enterprise and cloud security strategist for Hewlett-Packard, says the collaboration with Websense is "addressing the symptoms and not the root cause" of risks to Facebook users. The company, he says, needs to "fix the API, more or less. They need to review all the applications that go into their ecosystem. But, anytime something grows that large, the ability to control the content gets more difficult."
Los says part of the problem is that for Facebook to remain competitive, "they have to continue to have the latest and greatest (apps)," and the company apparently does not have the means or the will to review them all.
"It's throwing a Band-Aid on the problem," he says, "where the new cool is winning over safety and security.
The new collaboration is better than nothing, Arlen says. "But barely good enough is not good enough. It's like living in a house that barely meets code. I don't want to live in a place that's going to fall down in 10 years."
CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!
Get your morning news fix with the daily Salted Hash e-newsletter! Sign up today.
Read more about social networking security in CSOonline's Social Networking Security section.
Other stories by Taylor Armerding